
NUMBER SYSTEMS

Number theory is the study of the integers. We denote the set of integers by Z:

Z = {..., −3, −2, −1, 0, 1, 2, 3, ...}.

The integers have two operations defined on them, addition and multiplication, which are associative (a + (b + c) = (a + b) + c, a(bc) = (ab)c for a, b, c ∈ Z) and commutative (a + b = b + a, ab = ba). Moreover, these operations interact via the distributive law (a(b + c) = ab + ac) and have neutral elements 0 and 1 respectively (a + 0 = a and a · 1 = a). Notice also that each integer can be negated (a + (−a) = 0). In modern algebra language, a set having the aforementioned properties is called a commutative ring.

The two operations in Z are not, however, “created equal”, for while every integer can be negated (for example, 3 + (−3) = 0), not every integer can be inverted (there is no integer b such that 3b = 1). Indeed, the only integers whose reciprocals are also integers are 1 and −1. In general, an element a of a ring is called a unit if there is an element b of the ring such that ab = 1.

The rational numbers, denoted by Q, are all the ratios of integers:

Q = {a/b : a, b ∈ Z and b ≠ 0}

(of course, we consider 4/6 and 2/3, for example, to be the same element of Q). Like Z, Q is a commutative ring, but in contrast any nonzero element of Q is a unit (if a/b ∈ Q and a ≠ 0, then b/a ∈ Q also); commutative rings having this additional property are called fields. Another field you are familiar with is the real numbers, denoted by R. Notice that Z ⊂ Q ⊂ R. We know how Z sits in R (imagine a number line with the integers marked off); you may have thought less about how Q sits in R.

Proposition 1. Between any two real numbers, there is a rational number.

Proof. Suppose a, b ∈ R with a < b. Let n be a positive integer large enough that 1/n < b − a. Since the rational numbers

{..., −2/n, −1/n, 0, 1/n, 2/n, ...}

are spaced 1/n apart, at least one of them lies between a and b. ∎

Because of Proposition 1, we say that Q is dense in R.
However, not every real number is rational; a real number which is not rational is called irrational.

Proposition 2. e is irrational.

Proof. Suppose that e were rational. Then e = a/b for some positive integers a and b. It follows that the number α defined by

$$\alpha = b!\left(e - 1 - \frac{1}{1!} - \frac{1}{2!} - \frac{1}{3!} - \cdots - \frac{1}{b!}\right)$$

is an integer (imagine multiplying the b! through). Moreover, since e is defined by

$$e = \sum_{n=0}^{\infty} \frac{1}{n!},$$

we also have that α is positive. Next note that the definition of e, along with the formula for the sum of a convergent geometric series, implies that

$$\alpha = b!\left(\frac{1}{(b+1)!} + \frac{1}{(b+2)!} + \cdots\right) = \frac{1}{b+1} + \frac{1}{(b+1)(b+2)} + \cdots < \frac{1}{b+1} + \frac{1}{(b+1)^2} + \cdots = \frac{\frac{1}{b+1}}{1 - \frac{1}{b+1}} = \frac{1}{b} \le 1.$$

We conclude that α < 1, which is a contradiction since α is a positive integer. ∎

Note that e is an infinite sum of positive rational numbers - as such, it is the limit of an increasing sequence of rational numbers (namely, the sequence of partial sums) - yet e itself is not rational. The set of real numbers R has the remarkable property that every increasing sequence of rational numbers is either unbounded or converges to an element of R. In fact, R is the smallest such field, in the sense that any other field which contains Q and has this property also contains R as a subfield. We will see more irrational numbers later; in fact, it turns out that the irrationals are much more numerous than the rationals.

Another field that you may have worked with is the field of complex numbers C:

C = {a + bi | a, b ∈ R}, where $i^2 = -1$.

Many of the commutative rings that we study in these notes (for example, Z, Q and R) are contained in C.

DIVISIBILITY

Let us first focus on the multiplicative structure of Z. We begin by discussing how integers break down into simpler multiplicative parts.

Definition 3. If a, b ∈ Z, we say that b divides a, and write b | a, if there is an integer c such that a = bc. Synonyms for “b divides a” that you may be familiar with are “b is a divisor of a”, “b is a factor of a”, “a is a multiple of b” and “a is divisible by b”. If b is not a divisor of a, we write b ∤ a.

Example 4. 3 | 12, 7 ∤ 16

Example 5. The positive divisors of 30 are 1, 2, 3, 5, 6, 10, 15 and 30.

Notice that any integer a is a divisor of 0 (0 = a · 0) and is divisible by 1 (a = 1 · a). A direct consequence of the former statement is the following surprisingly useful result.

Corollary 6. If a is an integer and there is a positive integer b such that b ∤ a, then a ≠ 0.

We have thus far only discussed divisibility in Z. The analogous notion of divisibility in Q is trivial in the following sense: if r is a nonzero rational number, then r divides every rational number (this follows from the fact that we can invert any nonzero element of Q). In fact, the same is true in every field; for this reason, when we discuss divisibility we will mean it in the context of the integers unless otherwise stated.

Proposition 7. Let a, b, c ∈ Z.
(1) If a | b and b | c, then a | c.
(2) If a | b and a | c, then for any integers x and y, a | (xb + yc).

Proof. (1) Since a | b and b | c, there are integers m and n such that b = am and c = bn. Then c = (am)n = a(mn). Since mn is an integer, it follows that a | c.
(2) Since a | b and a | c, there are integers m and n such that b = am and c = an. Then xb + yc = x(am) + y(an) = a(xm + yn), and so a | (xb + yc). ∎

THE PRIMES

Notice that every integer n > 1 has at least two positive divisors, namely 1 and n (these are sometimes called the trivial divisors of n). If d | n and 1 < d < n, d is called a proper divisor of n.

Definition 8. An integer p > 1 is called prime if its only positive divisors are 1 and p (i.e., if it has no proper divisors). An integer n > 1 that is not prime is called composite.

Example 9. The first five primes are 2, 3, 5, 7 and 11.

Primes can therefore be thought of as multiplicatively the simplest positive integers. We now establish their central place in multiplicative number theory.

Proposition 10. If an integer n > 1 is composite, then the smallest proper divisor of n is prime.

Proof. Let d be the smallest proper divisor of n. If d had a proper divisor m, then m would be a divisor of n by Proposition 7 (1), and since 1 < m < d < n, m would be a proper divisor of n. Since m < d, this contradicts that d is the smallest proper divisor of n. Therefore d has no proper divisors, i.e., d is prime. ∎

Theorem 11. Every integer n > 1 is a product of primes.

Proof. By induction. Since 2 is prime, it is the product of a single prime, so the statement holds for n = 2. Now suppose it holds for all the integers from 2 up to n. If n + 1 is prime, the statement holds for n + 1. If n + 1 is composite, then by Proposition 10 it has a proper prime divisor p. Write n + 1 = pm. Since 1 < p < n + 1, it follows that 1 < m < n + 1, i.e. 2 ≤ m ≤ n. By the induction hypothesis m is a product of primes, and therefore so is pm = n + 1. ∎

Example 12. 84 = 2 · 42 = 2 · 2 · 21 = 2 · 2 · 3 · 7

We see that the primes are the multiplicative building blocks of Z, and therefore it is natural to study them as a distinguished set. One natural question to ask is “how many primes are there?”

Theorem 13. (Euclid) There are infinitely many primes.

Proof. Let S be any nonempty finite set of primes. Consider the integer

$$n = 1 + \prod_{p \in S} p.$$

If n is prime, then since n is larger than any element of S, we have that n ∉ S. If n is composite, then by Proposition 10 it has a prime divisor q. Notice that q ∉ S, for if q were an element of S, then it would divide $\prod_{p \in S} p = n - 1$, and then by Proposition 7 (2) it would divide 1 · n + (−1) · (n − 1) = 1, a contradiction. We see that in all cases, there is a prime that lies outside S. It follows that no finite set of primes contains every prime, and thus the set of primes is infinite. ∎

Let us now consider the problem of identifying the primes among the positive integers. Suppose we start from the very definition of a prime: an integer p > 1 with no proper divisor. We can immediately see a way to determine whether an integer n > 1 is prime: search for proper divisors of n. If we find one then n is composite, and if we do not then n is prime. Since a proper divisor d of n satisfies 1 < d < n, we know that this algorithm will involve no more than n − 2 steps.

Now that we have an algorithm, let us consider how to make it more efficient. First of all, note the obvious fact that the algorithm need not involve n − 2 steps for every n; indeed, if we find a proper divisor of n we may stop immediately and conclude that n is not prime. In general, then, the efficiency of our algorithm will depend partly upon our testing the integers that are most likely to be divisors of n first. Since one half of the positive integers are divisible by 2, one third of the positive integers are divisible by 3 and so on, it therefore makes sense to test the integers in increasing order.
Next note that if n is composite and we search in this way, we will automatically find the smallest proper divisor d of n first. Recall that d is prime by Proposition 10; it also has the following important property.

Proposition 14. If n is composite and d is the smallest proper divisor of n, then d ≤ √n.

Proof. Consider the alternative. ∎

Combining Propositions 10 and 14 and our discussion above, we obtain the following algorithm.

Algorithm 15. (for determining whether n > 1 is prime) Search for divisors of n among the primes ≤ √n, in increasing order beginning with 2. If a divisor is found, we conclude that n is composite and stop the search. If a divisor is not found, we conclude that n is prime.

Example 16. 113 is prime since √113 = 10.63... and 113 is not divisible by 2, 3, 5 or 7.

Not a bad test; we don’t need to check all the integers from 2 up to n − 1 for divisors, only the primes up to √n. However, there is something about our primality test that may bother you: to use it to test the primality of n, we need to have a list of the primes ≤ √n. How does one find such a list? It turns out that we have an efficient way to do so for values of n that are not too large, and for this we may thank the ancient Greek Eratosthenes.

Algorithm 17. (Sieve of Eratosthenes, for finding the primes ≤ m) List the integers from 2 up to m, then apply the following iterative procedure to this list. The integers not eliminated in this process are the primes ≤ m.

(1) Determine the smallest integer p in the list that is not circled.
(2) If p > √m, stop. If p ≤ √m, circle it and eliminate all other multiples of p from the list, then go back to step (1).

Proof that Algorithm 17 works. First, it is clear that in the algorithm only composite numbers are eliminated. Let us now show that the circled numbers are primes. We do this by induction. If there is a circled integer, then clearly 2 is the smallest such, and it is prime. Now suppose that the first k circled integers are primes. The sieve eliminated all of the multiples of these k primes (except themselves); hence the (k+1)st circled integer (if it exists) is not divisible by any of the primes that are smaller than it, and is therefore prime by Proposition 10. Finally, what about the remaining uncircled numbers? They remain because they are not multiples of any of the circled numbers, which as we have seen are the primes ≤ √m; by Propositions 10 and 14, then, the remaining uncircled numbers are also prime.

COMMON DIVISORS
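Algorithms 15 and 17 from the section on primes, written out as an added example (not part of the original notes; the function names are chosen here). `factor` goes one step further and uses Proposition 10 to carry out the factorization promised by Theorem 11.

```python
from math import isqrt


def sieve(m):
    """Algorithm 17: return the list of primes <= m."""
    if m < 2:
        return []
    in_list = [True] * (m + 1)      # in_list[k] turns False once k is eliminated
    in_list[0] = in_list[1] = False
    p = 2
    while p * p <= m:               # step (2): stop as soon as p > sqrt(m)
        if in_list[p]:              # p survived, so it is the next "circled" prime
            # Multiples of p below p*p have a smaller prime factor and were
            # eliminated earlier, so starting at p*p removes all the rest.
            for multiple in range(p * p, m + 1, p):
                in_list[multiple] = False
        p += 1
    return [k for k in range(2, m + 1) if in_list[k]]


def smallest_prime_divisor(n):
    """Algorithm 15: the smallest prime divisor of n that is <= sqrt(n), or None."""
    for p in sieve(isqrt(n)):       # primes <= sqrt(n), in increasing order
        if n % p == 0:
            return p                # stop the search at the first divisor
    return None


def is_prime(n):
    """True exactly when n > 1 has no prime divisor <= sqrt(n)."""
    return n > 1 and smallest_prime_divisor(n) is None


def factor(n):
    """Prime factors of n > 1 in increasing order (Theorem 11, via Proposition 10)."""
    factors = []
    while n > 1:
        p = smallest_prime_divisor(n) or n   # no divisor <= sqrt(n): n is prime
        factors.append(p)
        n //= p
    return factors
```

Both routines do work on the order of √n, so they are practical only for small n.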

Consider the following problem: we wish to tile a rectangular floor that is 12 feet by 18 feet. For ease of cutting we wish to use tiles that are square, of uniform size, and have integral side length s (in feet). As we would like to minimize the amount of cutting, we wish to minimize the number of tiles used. How shall we do this?

Since we are using tiles of uniform size, it is clear that this is equivalent to finding the largest usable tile. If we use a rows and b columns of tiles, we have the following relationships: sa = 18 and sb = 12. These imply that s is a divisor of both 18 and 12, so the maximal s is the largest integer that is a divisor of both 18 and 12, namely 6.

Definition 18. If a, b and d are integers, we say that d is a common divisor of a and b if d | a and d | b. If a and b are not both zero, the greatest common divisor (gcd) of a and b is denoted by (a, b).

Example 19. The set of positive divisors of 20 is {1, 2, 4, 5, 10, 20} and the set of positive divisors of 35 is {1, 5, 7, 35}. The set of positive common divisors of 20 and 35 is {1, 5}, and so (20, 35) = 5.

Example 20. If r is a positive integer, then (r, 0) = r since r is the greatest divisor of r and every integer is a divisor of zero.

Computing the gcd of two positive integers can always be done in a straightforward way: find the positive divisors of each, then identify the largest integer that appears in both lists. For large numbers, however, this procedure can become quite unwieldy - for example, 2310 has 32 positive divisors and 1092 has 24. We might hope for a quicker way to find (2310, 1092), and indeed, Euclid discovered a method for finding (a, b) which has not been significantly improved to this date. The basis of this method is the following familiar fact.

Algorithm 21. (Division Algorithm) Let a and b be integers with a > 0. Then there exist unique integers q and r such that b = qa + r and 0 ≤ r < a.

Proof. Let q = ⌊b/a⌋ (recall that if t ∈ R, ⌊t⌋ denotes the largest integer that is less than or equal to t). Since (b/a) − 1 < ⌊b/a⌋ ≤ b/a, it follows that b − a < qa ≤ b, and hence b − b ≤ b − qa < b − (b − a), i.e. 0 ≤ b − qa < a. Letting r = b − qa, we have established existence. For uniqueness, suppose

$$b = q_1 a + r_1 = q_2 a + r_2$$

with $0 \le r_1, r_2 < a$. Without loss we may assume that $r_1 \le r_2$. The equality of our two expressions for b yields

$$a(q_1 - q_2) = r_2 - r_1,$$

which implies that $a \mid (r_2 - r_1)$. Since $0 \le r_2 - r_1 < a$, it follows that $r_2 - r_1 = 0$. Then our last displayed equation gives $a(q_1 - q_2) = 0$, and since a ≠ 0, it must be that $q_1 - q_2 = 0$. ∎

Example 22. If we divide a = 7 into b = 38, we get a quotient of q = 5 and a remainder of r = 3.

Euclid’s algorithm combines the Division Algorithm and the following result.

Proposition 23. Let a, b and r be as in the Division Algorithm. Then (a, b) = (a, r).

Proof. By definition (a, b) divides a and b. Since r = 1 · b + (−q) · a, Proposition 7 (2) tells us that (a, b) divides r. Hence (a, b) is a common divisor of a and r, and thus (a, b) ≤ (a, r). On the other hand, (a, r) divides a and r, and since b = q · a + 1 · r, (a, r) divides b by Proposition 7 (2). Hence (a, r) is a common divisor of a and b, and therefore (a, r) ≤ (a, b). We conclude that (a, b) = (a, r). ∎

Algorithm 24. (Euclidean Algorithm) Let a and b be positive integers with a < b. By the Division Algorithm we have

$$b = q_1 a + r_1$$

with $0 \le r_1 < a$. If $r_1 \ne 0$, we find by the Division Algorithm

$$a = q_2 r_1 + r_2$$

with $0 \le r_2 < r_1$. For i ≥ 2, if $r_i \ne 0$ the Division Algorithm gives

$$r_{i-1} = q_{i+1} r_i + r_{i+1}$$

with $0 \le r_{i+1} < r_i$. Since the $r_i$ form a decreasing sequence of nonnegative integers, it must be that $r_k = 0$ for some k ≥ 1. If k = 1 Proposition 23 yields

$$(a, b) = (a, r_1) = (a, 0) = a,$$

while if k > 1 it yields

$$(a, b) = (a, r_1) = (r_1, r_2) = \cdots = (r_{k-1}, r_k) = (r_{k-1}, 0) = r_{k-1}.$$

Example 25. (1092, 2310) = (1092, 126) = (126, 84) = (84, 42) = (42, 0) = 42

Notice that the Euclidean Algorithm allows us to find the gcd of two integers without first finding any divisors of either one. Moreover, as a byproduct of the algorithm we can write (a, b) as a linear combination of a and b.

Proposition 26. If a and b are positive integers, then there exist integers m and n such that (a, b) = ma + nb.
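One way to compute the chain of Algorithm 24 and the integers m and n of Proposition 26 in a single pass, as an added example (not part of the original notes; the function names are chosen here). Instead of substituting backwards after the gcd is known, `bezout` carries the coefficients forward with each remainder.

```python
from math import gcd


def euclid_chain(a, b):
    """Algorithm 24: the pairs (a, b), (a, r1), (r1, r2), ..., (g, 0)."""
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")
    a, b = sorted((a, b))               # the algorithm is stated for a <= b
    pairs = [(a, b)]
    big, small = b, a
    while small != 0:
        big, small = small, big % small  # Proposition 23: the gcd is unchanged
        pairs.append((big, small))
    return pairs


def bezout(a, b):
    """Return (g, m, n) with g = (a, b) and g = m*a + n*b."""
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")
    # Invariants kept on every pass through the loop:
    #   old_r = old_m*a + old_n*b   and   r = m*a + n*b
    old_r, r = a, b
    old_m, m = 1, 0
    old_n, n = 0, 1
    while r != 0:
        q = old_r // r                   # quotient from the Division Algorithm
        old_r, r = r, old_r - q * r      # the next remainder
        old_m, m = m, old_m - q * m      # the same combination applied to
        old_n, n = n, old_n - q * n      # the coefficients of a and b
    return old_r, old_m, old_n


def bezout_agrees_with_gcd(limit):
    """Cross-check against math.gcd for all pairs 1 <= a, b <= limit."""
    for a in range(1, limit + 1):
        for b in range(1, limit + 1):
            g, m, n = bezout(a, b)
            if g != gcd(a, b) or g != m * a + n * b:
                return False
    return True
```

For the pair of Example 25, `bezout(1092, 2310)` returns `(42, -19, 9)`, that is, 42 = 9 · 2310 − 19 · 1092.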

Example 27. Referring to Example 25, the division that produced the gcd of 42 as remainder tells us that 42 = 126 − 84, while the preceding divisions gave us 84 = 1092 − 8 · 126 and 126 = 2310 − 2 · 1092. Then

42 = 126 − (1092 − 8 · 126) = 9 · 126 − 1092 = 9(2310 − 2 · 1092) − 1092 = 9 · 2310 − 19 · 1092.

Proposition 28. Given positive integers a and b, let S = {xa + yb | x, y ∈ Z} and T = {(a, b)c | c ∈ Z}. Then S = T, i.e., the set of linear combinations of a and b is equal to the set of multiples of (a, b).

Proof. Let s ∈ S. Then s = xa + yb for some x, y ∈ Z. Since (a, b) is a divisor of a and b, s is divisible by (a, b) by Proposition 7 (2), and thus s ∈ T. Now let t ∈ T. Then t = (a, b)c for some c ∈ Z. By Proposition 26 there exist m, n ∈ Z such that (a, b) = ma + nb. Hence t = (a, b)c = (ma + nb)c = (mc)a + (nc)b, and thus t ∈ S. ∎

UNIQUE FACTORIZATION

We proved earlier (Theorem 11) that every integer n > 1 can be written as a product of primes. Our aim now is to show that this expression is unique - that is, one always obtains the same prime factors no matter what path one takes to a prime factorization of a number. For example, 90 = 3 · 30 = 3 · 3 · 10 = 3 · 3 · 2 · 5 and 90 = 5 · 18 = 5 · 3 · 6 = 5 · 3 · 2 · 3. We require one preliminary result.

Proposition 29. Let a, b ∈ Z. If p is prime and p | ab, then p | a or p | b.

Proof. Since p | ab, ab = pq for some q ∈ Z. Suppose p ∤ a. Then (a, p) = 1, so by Proposition 26 we can find integers m and n such that ma + np = 1. Then

b = b · 1 = b(ma + np) = (ab)m + bnp = (pq)m + bnp = p(qm + bn),

and therefore p | b. ∎

Theorem 30. The prime factorization of an integer n > 1 is unique up to ordering of the prime factors.

Proof. Suppose $n = p_1 \cdot p_2 \cdots p_k = q_1 \cdot q_2 \cdots q_\ell$ with $p_1, \ldots, p_k$ and $q_1, \ldots, q_\ell$ prime. We may assume without loss of generality that k ≤ ℓ. Then $p_1 \mid q_1(q_2 \cdots q_\ell)$ (note that the product $q_2 \cdots q_\ell$ could be empty, and thus equal to 1), so by Proposition 29, $p_1 \mid q_1$ (in which case $p_1 = q_1$) or $p_1 \mid q_2 \cdots q_\ell$. Assuming the latter holds, it must be that ℓ ≥ 2, and by the same argument as above we then conclude that $p_1 = q_2$, or ℓ ≥ 3 and $p_1 \mid q_3 \cdots q_\ell$. By exhaustion we find that $p_1 = q_i$ for some 1 ≤ i ≤ ℓ. Canceling these, we obtain

$$p_2 \cdots p_k = \prod_{j=1,\ j \ne i}^{\ell} q_j$$

If k ≥ 2, we may repeat our argument to show that $p_2 = q_j$ for some j ≠ i; canceling these and continuing in this fashion we eventually eliminate all the ps, leaving the left hand product as 1. It follows that at this point all of the qs must have been canceled as well (else the product of the remaining qs would be > 1). Thus the two factorizations are the same up to ordering of the prime factors. ∎

Definition 31. If m is a positive integer and p is a prime, define $v_p(m)$ to be the highest power of p that divides m (this is a well-defined notion by Theorem 30). Notice that

$$m = \prod_{p \text{ prime}} p^{v_p(m)},$$

and that $v_p(m) = 0$ for all but finitely many primes p.

We worked hard to prove the uniqueness of prime factorizations, a result that is probably quite familiar to you. In fact, it may be so familiar as to seem trivial. Is it? The answer to this question is no, in the following sense: there are number systems very similar to the integers in which factorization into primes is not unique.

Example 32. Consider the commutative ring

Z[√−6] = {a + b√−6 : a, b ∈ Z}

(note that this is a subset of C since we may set √−6 = √6 i). In this number system 2 and 5 are “primes” in the sense that they have no nontrivial divisors (for example, the only divisors of 2 are ±1 and ±2), and so are 2 + √−6 and 2 − √−6. The fact that

2 · 5 = 10 = (2 + √−6)(2 − √−6)

shows that we do not have unique factorization in Z[√−6].

Thinking back to our proof of Theorem 30, if we tried to use the same argument to prove that Z[√−6] has unique factorization, the part that would fail is the one involving Proposition 29. The analog of this result does not hold in Z[√−6], as our example shows - note that despite the fact that 2 has no nontrivial divisors in Z[√−6] and is a divisor of the product (2 − √−6)(2 + √−6), it is clearly not a divisor of either factor.

Unique factorization allows us to prove the irrationality of many real numbers.

Proposition 33. √7 is an irrational number.

Proof. Suppose √7 were rational. Then

√7 = a/b

for some integers a and b. It follows that $a^2 = 7b^2$, and so $v_7(a^2) = v_7(7b^2)$. Since $v_7(a^2) = 2v_7(a)$ is even and $v_7(7b^2) = 1 + 2v_7(b)$ is odd, we have a contradiction. ∎

The proof of the preceding proposition generalizes easily to yield the following result.

Theorem 34. Suppose b and m are positive integers with m > 1. If b is not the mth power of an integer, then the positive real mth root of b is irrational.

Example 35. $25^{1/3}$ and √27 are irrational.

CONGRUENCES

We develop here the language of congruences, which is extremely useful when discussing number theoretic questions.

Definition 36. Let a, b and m be integers with m > 0. We say that a is congruent to b modulo m if m | (a − b), and in this case we write a ≡ b (mod m).

Example 37.
23 ≡ 8 (mod 5) since 23 − 8 = 15 and 15 = 5 · 3
53 ≡ −3 (mod 8) since 53 − (−3) = 56 and 56 = 8 · 7
28 ≡ 0 (mod 7) since 7 | 28

Note that the integers congruent to 0 modulo m are those that are multiples of m. More generally, suppose a is a positive integer and we get a remainder of r upon dividing m into a (i.e., a = qm + r in the notation of the Division Algorithm). Then since a − r = qm, we have that m | a − r, and thus a ≡ r (mod m). For example, since dividing 497 by 5 gives a remainder of 2, 497 ≡ 2 (mod 5).

Example 38. The integers that are congruent to 0 modulo 3 are {..., −6, −3, 0, 3, 6, ...}, those congruent to 1 modulo 3 are {..., −5, −2, 1, 4, 7, ...}, and those congruent to 2 modulo 3 are {..., −4, −1, 2, 5, 8, ...}.

The sets shown above are sometimes called the congruence classes (or residue classes) modulo 3; note that every integer is congruent to 0, 1 or 2 modulo 3. In general, modulo m every integer is congruent to exactly one element of the set {0, 1, 2, ..., m − 1} (as per our discussion above, this is a consequence of the Division Algorithm since these are the possible remainders on dividing by m). We often choose these m numbers, which are called the least residues, as representatives of the congruence classes modulo m (of course, we could also choose other sets, such as {1, 2, ..., m}).

When we work “modulo m” we consider integers a and b to be the same if a ≡ b (mod m), and as a result we end up dealing with a finite set. For example, with hours in standard time we work modulo 12 and use the representatives {1, 2, 3, ..., 12}, while with minutes we work modulo 60 and use the representatives {0, 1, 2, ..., 59}.

We now show that one can perform arithmetic modulo m, and that this is consistent with the usual arithmetic in Z.

Proposition 39. Suppose a, b, c, d and m are integers with m > 0. If a ≡ c (mod m) and b ≡ d (mod m), then a + b ≡ c + d (mod m) and ab ≡ cd (mod m).

Proof. Since a ≡ c (mod m) and b ≡ d (mod m), we know that m | (a − c) and m | (b − d). Then by Proposition 7 (2), m is a divisor of 1 · (a − c) + 1 · (b − d) = (a + b) − (c + d), and so a + b ≡ c + d (mod m). Moreover, Proposition 7 (2) also tells us that m is a divisor of b · (a − c) + c · (b − d) = ab − cd, and therefore ab ≡ cd (mod m). ∎

Proposition 39 implies that the congruence classes modulo m form a commutative ring under the addition and multiplication induced from Z. This ring is denoted Z/mZ.

Example 40. Suppose we wish to know what the least residue of 3294794857 · 90983475983 is modulo 10. One way to do this is to multiply these numbers together and find the least residue of the result. Another way is to find the least residues of the factors first, then use Proposition 39: 3294794857 ≡ 7 (mod 10) and 90983475983 ≡ 3 (mod 10), so

3294794857 · 90983475983 ≡ 7 · 3 ≡ 21 ≡ 1 (mod 10).

Example 41. Suppose we wish to calculate the least residue of $4^{602}$ modulo 7. Rather than actually computing $4^{602}$ (which has hundreds of digits), we can simply note that $4^3 = 64 \equiv 1 \pmod 7$, and then by Proposition 39,

$$4^{602} = 4^{600} \cdot 4^2 = (4^3)^{200} \cdot 4^2 \equiv 1^{200} \cdot 4^2 \equiv 16 \equiv 2 \pmod 7.$$

We see that “modular arithmetic” is often easier than the usual arithmetic in Z since there are only m congruence classes modulo m and we may choose a “small” representative of each class (for example, one lying in {0, 1, ..., m − 1}). Another way that modular arithmetic differs is that while there are only two units in Z (namely −1 and 1), there can be many more units in Z/mZ. For example, there is no integer a such that 5a = 1, but modulo 7 we have that 5 · 3 = 15 ≡ 1 (mod 7).

Proposition 42. Let a and m be integers with m > 0. There exists an integer b such that ab ≡ 1 (mod m) if and only if (a, m) = 1.

Proof. Suppose that (a, m) = 1. By Proposition 26 there exist integers b and n such that ab + mn = 1. Then ab = 1 − mn ≡ 1 − 0 · n ≡ 1 (mod m). Now suppose there exists an integer b such that ab ≡ 1 (mod m).
Then m | ab − 1, so ab − 1 = km for some integer k. Since (a, m) is a common divisor of a and m, by Proposition 7 (2), (a, m) is a divisor of

b · a + (−k) · m = 1.

Thus (a, m) = 1. ∎

Corollary 43. If ax ≡ ay (mod m) and (a, m) = 1, then x ≡ y (mod m).

Proof. Since (a, m) = 1, by Proposition 42 there is an integer b such that ab ≡ 1 (mod m). Then

x = 1 · x ≡ (ab)x ≡ b(ax) ≡ b(ay) ≡ (ab)y ≡ 1 · y ≡ y (mod m). ∎

Thus we may cancel a common factor a from a congruence modulo m if (a, m) = 1. Notice that we may NOT necessarily cancel if (a, m) > 1; for example, 6 · 8 ≡ 6 · 3 (mod 15) even though 8 ≢ 3 (mod 15).

Definition 44. If a and m are integers, we say that a and m are coprime, or relatively prime, if (a, m) = 1.

We have seen that there are exactly m distinct congruence classes modulo m. Let us now study the commutative ring Z/mZ further.

Definition 45. For m > 1, let U(m) = {0 ≤ a ≤ m − 1 : (a, m) = 1}. The Euler phi function φ is defined by φ(m) = #U(m).

Example 46. U(6) = {1, 5}, U(11) = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10} and U(12) = {1, 5, 7, 11}, so φ(6) = 2, φ(11) = 10 and φ(12) = 4.

Proposition 47. If p is prime, then φ(p) = p − 1.

Proof. Since the only positive divisors of p are 1 and p,

$$(a, p) = \begin{cases} 1 & \text{if } p \nmid a, \\ p & \text{if } p \mid a. \end{cases}$$

Thus U(p) = {1, 2, ..., p − 1}. ∎

We will now focus on the structure of the units in Z/mZ. We begin by proving two preliminary propositions.

Proposition 48. Let a, b and m be integers with m > 0. If a ≡ b (mod m), then (a, m) = (b, m).

Proof. Since a ≡ b (mod m), a − b = km for some integer k. By definition (b, m) divides b and m, so by Proposition 7 (2), (b, m) divides b + km = a. Hence (b, m) is a common divisor of m and a, and therefore (b, m) ≤ (a, m). On the other hand, (a, m) is a divisor of a and m, and so Proposition 7 (2) tells us that (a, m) divides a − km = b. Since (a, m) is a common divisor of m and b, it follows that (a, m) ≤ (b, m). ∎

Notice that by Propositions 42 and 48, the elements of U(m) are representatives for the units in Z/mZ.

Proposition 49. Let a, b and c be positive integers.
(1) If (a, b) = (a, c) = 1, then (a, bc) = 1.
(2) If a | c, b | c and (a, b) = 1, then ab | c.
(3) If a | bc and (a, b) = 1, then a | c.

Proof. (1) By contrapositive. Suppose (a, bc) = d > 1. Then d has a prime divisor p by Theorem 11. Since p | d and d | a and d | bc, we have that p | a and p | bc by Proposition 7 (1).
The latter yields that p | b or p | c by Proposition 29, and combining this with p | a we conclude that (a, b) ≥ p > 1 or (a, c) ≥ p > 1.
(2) Since a | c, c = ka for some integer k. Moreover, by Proposition 26 there exist integers m and n such that ma + nb = 1. Then k = k · 1 = k(ma + nb) = (ka)m + knb = cm + knb. Clearly b | b, and since b | c, it follows by Proposition 7 (2) that b | k. Then k = bℓ for some integer ℓ, which yields c = ka = (bℓ)a = ℓ(ab).
(3) Since a | bc and (a, b) = 1, there exist integers k, m and n such that bc = ak and ma + nb = 1. Then c = c(ma + nb) = cma + nbc = cma + nak = a(cm + nk). ∎

Proposition 50. If a and m are integers with m > 1 and (a, m) = 1, then there is a positive integer s ≤ φ(m) such that $a^s \equiv 1 \pmod m$.

Proof. Consider the integers

$$a, a^2, a^3, \ldots, a^{\varphi(m)+1}.$$

Since (a, m) = 1, $(a^n, m) = 1$ for any n ≥ 1 by Proposition 49 (1). Hence the list above consists of φ(m) + 1 integers, each coprime to m. By Proposition 48 the least residues of these are in the set U(m), and since U(m) has φ(m) elements, these powers of a cannot all be distinct modulo m. So $a^j \equiv a^i \pmod m$ for some 1 ≤ i < j ≤ φ(m) + 1. By Corollary 43, then, $a^{j-i} \equiv 1 \pmod m$. ∎

Definition 51. If a and m are coprime integers with m > 1, we call the smallest positive integer t such that $a^t \equiv 1 \pmod m$ the order of a modulo m.

Example 52. The order of 3 modulo 11 is 5 since

$3^1 \equiv 3 \pmod{11}$, $3^2 \equiv 9 \pmod{11}$, $3^3 \equiv 5 \pmod{11}$, $3^4 \equiv 4 \pmod{11}$, $3^5 \equiv 1 \pmod{11}$.

Proposition 53. Suppose a and m are integers with m > 1 and (a, m) = 1. If s is a positive integer such that $a^s \equiv 1 \pmod m$, then the order of a modulo m divides s.

Proof. Denote by t the order of a modulo m. By the Division Algorithm we obtain s = qt + r with 0 ≤ r < t. Then

$$1 \equiv a^s \equiv a^{qt+r} \equiv (a^t)^q \cdot a^r \equiv 1^q \cdot a^r \equiv a^r \pmod m.$$

Since r < t, by the definition of order we conclude that r = 0, and therefore t | s. ∎

Theorem 54. (Fermat) If m > 1 and (a, m) = 1, then $a^{\varphi(m)} \equiv 1 \pmod m$.

Proof.
Consider the set of φ(m) congruence classes modulo m represented by the elements of U(m). By Corollary 43 the φ(m) integers

{an | n ∈ U(m)}

also represent φ(m) distinct congruence classes modulo m, and since (an, m) = 1 for n ∈ U(m) by Proposition 49 (1), it follows that they represent the same congruence classes as the elements of U(m). Therefore

$$\prod_{n \in U(m)} n \equiv \prod_{n \in U(m)} an \equiv a^{\varphi(m)} \cdot \prod_{n \in U(m)} n \pmod m,$$

and upon canceling the common factors (via Corollary 43) we find that $a^{\varphi(m)} \equiv 1 \pmod m$. ∎

Corollary 55. If m > 1 and (a, m) = 1, then the order of a modulo m divides φ(m).

Example 56. Suppose we want to know the order of 5 modulo 257. Since 5 and 257 are prime and 5 ∤ 257, we know that this order exists and is a divisor of $\varphi(257) = 256 = 2^8$. Since the positive divisors of $2^8$ are $1, 2, 2^2, \ldots, 2^8$, to find the order of 5 we need only compute

$5^2 \equiv 25 \pmod{257}$,
$5^4 = (5^2)^2 = 25^2 \equiv 111 \pmod{257}$,
$5^8 \equiv 111^2 \equiv 242 \pmod{257}$,
$5^{16} \equiv 242^2 \equiv 225 \pmod{257}$,
$5^{32} \equiv 225^2 \equiv 253 \pmod{257}$,
$5^{64} \equiv 253^2 \equiv 16 \pmod{257}$,
$5^{128} \equiv 16^2 \equiv 256 \pmod{257}$,

from which we conclude that 5 has order 256 modulo 257.

Corollary 57. If p is prime and p ∤ a, then $a^{p-1} \equiv 1 \pmod p$.

Corollary 58. If p is prime and a is any integer, then $a^p \equiv a \pmod p$.
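Definitions 45 and 51 and the divisor shortcut of Corollary 55, as an added example (not part of the original notes; the function names are chosen here). `order` tests only the divisors of φ(m), as Example 56 does by hand, and `order_naive` multiplies until it reaches 1 so the two can be compared.

```python
from math import gcd


def units(m):
    """U(m) from Definition 45: the least residues that are coprime to m."""
    return [a for a in range(m) if gcd(a, m) == 1]


def phi(m):
    """Euler phi function: the number of elements of U(m)."""
    return len(units(m))


def order(a, m):
    """Order of a modulo m (Definition 51), testing only divisors of phi(m)."""
    if m <= 1 or gcd(a, m) != 1:
        raise ValueError("the order is defined only for m > 1 and (a, m) = 1")
    n = phi(m)
    for t in range(1, n + 1):
        # Corollary 55: the order divides phi(m), so other exponents are skipped.
        if n % t == 0 and pow(a, t, m) == 1:
            return t
    raise AssertionError("unreachable: Theorem 54 gives a^phi(m) = 1 (mod m)")


def order_naive(a, m):
    """Order of a modulo m by repeated multiplication (at most phi(m) steps)."""
    if m <= 1 or gcd(a, m) != 1:
        raise ValueError("the order is defined only for m > 1 and (a, m) = 1")
    t, power = 1, a % m
    while power != 1:
        power = (power * a) % m      # Proposition 39: reduce after every step
        t += 1
    return t


def theorem_54_holds(m):
    """Check a^phi(m) = 1 (mod m) for every a in U(m)."""
    n = phi(m)
    return all(pow(a, n, m) == 1 for a in units(m))


def orders_agree(limit):
    """Compare order and order_naive for every unit modulo m, 2 <= m <= limit."""
    return all(order(a, m) == order_naive(a, m)
               for m in range(2, limit + 1) for a in units(m))
```

The three-argument `pow(a, t, m)` reduces modulo m at every squaring, which is the computation carried out by hand in Examples 41 and 56.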

We end this section by considering the question of simultaneous congruences.

Theorem 59. (Chinese Remainder Theorem) Suppose $m_1, m_2, \ldots, m_r$ are positive integers such that $(m_i, m_j) = 1$ if i ≠ j. Let $a_1, a_2, \ldots, a_r$ be any integers, and write $m = m_1 m_2 \cdots m_r$. Then there exists an integer x such that $x \equiv a_i \pmod{m_i}$ for every 1 ≤ i ≤ r. Moreover, for any integer y satisfying these congruences, y ≡ x (mod m).

Proof. For each 1 ≤ j ≤ r, $m/m_j$ is an integer, and by Proposition 49 (1), $(m/m_j, m_j) = 1$. Then by Proposition 42 there is an integer $b_j$ such that $(m/m_j) b_j \equiv 1 \pmod{m_j}$. Let

$$x = \sum_{j=1}^{r} (m/m_j) b_j a_j.$$

Since $m/m_j$ is divisible by $m_i$ if i ≠ j, we have that $(m/m_j) b_j a_j \equiv 0 \cdot b_j a_j \equiv 0 \pmod{m_i}$. It follows that for every 1 ≤ i ≤ r,

$$x \equiv (m/m_i) b_i a_i + \sum_{j \ne i} (m/m_j) b_j a_j \equiv 1 \cdot a_i + \sum_{j \ne i} 0 \equiv a_i \pmod{m_i}.$$

Finally, if y is any solution of the stated congruences, then $y \equiv x \pmod{m_j}$, and hence $m_j \mid (y - x)$, for all 1 ≤ j ≤ r. By Proposition 49 (1) and (2) it follows that m | (y − x), and thus y ≡ x (mod m).
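The construction in this proof, as an added example (not part of the original notes; the function names and the sample system are chosen here). The inverse $b_j$ promised by Proposition 42 is obtained with Python's built-in `pow(x, -1, n)` (Python 3.8 or later), and a brute-force search confirms uniqueness modulo m.

```python
from math import gcd, prod


def crt(residues, moduli):
    """Return (x, m) with 0 <= x < m and x = a_i (mod m_i) for every i."""
    if not moduli or len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for i, m_i in enumerate(moduli):
        if m_i <= 0:
            raise ValueError("moduli must be positive")
        for m_j in moduli[i + 1:]:
            if gcd(m_i, m_j) != 1:
                # Theorem 59 requires (m_i, m_j) = 1 whenever i != j.
                raise ValueError("moduli must be pairwise coprime")
    m = prod(moduli)
    x = 0
    for a_j, m_j in zip(residues, moduli):
        cofactor = m // m_j               # m/m_j, divisible by every other m_i
        b_j = pow(cofactor, -1, m_j)      # (m/m_j) * b_j = 1 (mod m_j)
        x += cofactor * b_j * a_j         # contributes a_j mod m_j, 0 mod m_i
    return x % m, m


def solutions_below(residues, moduli, bound):
    """All 0 <= y < bound satisfying every congruence, found by exhaustive search."""
    return [y for y in range(bound)
            if all((y - a) % n == 0 for a, n in zip(residues, moduli))]
```

For the constructed system x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7), `crt([2, 3, 2], [3, 5, 7])` returns `(23, 105)`, and the exhaustive search finds exactly the integers congruent to 23 modulo 105.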